If you are aware of a security bug (or have a proposal/implemention of a "zero day" attack), notifying us privately is in the interest of all users. We can then discuss it post-mortem. To reach us privately, please get our public keys here:

If the bug is kbpgp related, and has nothing to do with Keybase, you can post the issue here. If it has anything to do with Keybase -- the command line client, website, etc. -- please post it in our general keybase issues repo: